Google has made SSL security certificates mandatory. Is your site secure enough? Click here to learn how to get a Google SSL cert and keep your site up to date.
Keyword(s): ssl certificate
An SSL certificate gives you the "HTTPS" in front of your domain address (rather than just "HTTP"). This stands for "Hypertext Transfer Protocol Secure." For reference, only 71 of the 100 most popular websites had enabled HTTPS in 2017. But that was up from 37 in 2016.
If you don't have an SSL certificate, your website may not be secure. More importantly, there's no reason for anyone else to think it is.
Do you think your website is secure enough for an SSL certificate? If not, learn more below and discover how you can secure your website.
"SSL" stands for "Secure Sockets Layer," which is an old name for the communication encryption protocol known as "Transport Layer Security."
An SSL certificate is a small data file that binds a cryptographic key to your company's details. In other words, it certifies the identity of your website and encrypts data sent to and from your server using SSL technology.
Think of it as a digital passport. It tells any browsers (or humans) interacting with your site that you are who you say you are. It also tells them that any data they input on your site, like a credit card number, will be safe.
Not long ago, most websites didn't have an SSL certificate. It all started with the Google SSL Certificate update and their push to have "HTTPS everywhere."
In 2014, Google tried to encourage more websites to enable HTTPS. The key to this initiative was raising awareness about SSL certificates. This was mildly effective.
Then, Google listed SSL as a ranking factor for its search engine. That got people's attention. More and more websites started prioritizing SSL certificates.
By 2017 half of the web was encrypted, according to Wired.
Then, in July of 2018, Google announced that it would flag websites that didn't have SSL certificates. Most businesses now have an incentive to use encryption. Otherwise, they risk being shamed by Google.
Getting your Google SSL cert is not about pleasing Google. It's about the health and security of your website. Whether your website is hosted on Google servers or not, you should obtain an SSL certificate.
SSL certifications are only provided by organizations called Certificate Authorities (CAs). These are typically third-party organizations that have a good reputation. However, your web hosting provider may also be a CA.
This makes it difficult for bad actors to obtain SSL certificates for their own illegitimate websites. Websites must be verified and vetted by a CA before they receive a certificate.
As a security layer, an SSL certificate encrypts all the messages being sent to your server. If any of those messages are intercepted by hackers, they are useless. They end up as gobbledygook and cannot be encrypted without a key.
That makes them essential for online retailers. With so much sensitive data being sent over the network, there needs to be an encryption protocol. Otherwise, customer credit card numbers, email addresses, and phone numbers are all easy pickings for hackers.
An SSL certificate also helps to build trust. Most browsers now warn users when they are accessing a website without one.
Without a Google SSL certificate, your website could lose a great deal of traffic. What reason do people have to trust your website if Google Chrome telling them not to?
There are also many threats and challenges facing business website and online retailers.
It's important to note: Your SSL certificate only protects against some threats. Just because you have one, that doesn't mean your website is completely secure.
SSL secures and encrypts your network communication link. It prevents unwanted parties from hijacking, or "listening" to communications between a user and your website.
Cybercriminals have developed bots that can crawl the web for vulnerabilities in networks. So, it isn't just a guy in a basement on a computer anymore. Cybercrime is now automated.
Naturally, communications on your website may contain sensitive or private data. This is data that only you and your customers or users should be privy to. If it isn't encrypted, you or your customers could have your data or, worse, your identities stolen.
This type of eavesdropping is not as common as other types of cyber-attacks. But there's no good reason to not get an SSL certificate. You should obtain one to protect and reassure your users and/or customers.
Then, keep your SSL certificate up to date.
Do you remember the Equifax data breach? That incident was the result of many problems. But one of Equifax's biggest mistakes was that their digital certificate was about 10 months expired.
That said, here are some of the most common threats to websites and online retailers:
This is a type of malicious software that encrypts your files. You can only unencrypt your files by paying the hackers a ransom, typically in an untraceable currency like Bitcoin.
Ransomware enters a system in three ways:
The best way to avoid ransomware is to train everyone at your company to avoid bogus emails and stay off suspicious websites. The easiest way to avoid suspicious websites is, of course, to only go to websites that have a valid SSL certificate.
Ransomware doesn't necessarily affect your website, although it could. Typically, it will attack and encrypt your computer files.
Malware is any type of malicious software. It may be used by hackers to collect data or to extort money. For example, ransomware is a type of malware.
Malware can get onto your website when hackers or bots take advantage of security vulnerabilities. These vulnerabilities could exist because you don't have security enabled or you haven't updated your plug-ins and themes.
Once on your website, malware might do the following:
The most common reasons criminals use malware are to make a profit (through ads), to sabotage a company or organization, or just because they think it's funny.
To prevent malware from infecting your site, use basic security protocols. Be sure to update your operating system, themes, and plug-ins regularly. Keep your SSL certificate up-to-date and avoid websites with faulty certificates.
Phishing is a type of "social engineering" scam. Typically, someone posing as a colleague will send one of your employees an email. That email will contain a malicious link that installs malware on their computer.
The best way to avoid phishing emails is to train your employees.
A Distributed Denial-of-Service (DDoS) attack is an attempt to make an online service (like your website) unavailable. This is accomplished by overwhelming it with traffic. It is not an invasive attack, but it can cause major problems.
DDoS attacks are often executed with automated software. But sometimes, they are done by many individuals at once.
You can mitigate the damages from these attacks by:
DDoS attacks are sometimes used by "hacktivists" to overwhelm parties they disagree with. But a DDoS attack could happen to anyone with a website.
Does your website take text inputs? If so, you shouldn't be asking, "Does my website need SSL?"
You need a Google SSL certificate or an SSL certificate from another reputable organization to protect you and your customers.
Once you add SSL to Google domain, or whichever domain you use, you can start thinking about ways to improve your website.
Do you want to dramatically decrease your page load time and increase your mobile application performance? Learn how the Nitrogen Platform can improve the user experience and make online conversions skyrocket.
Feel free to get in touch with us or request a demo on our homepage.